MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

26.12.08

A while ago I came across an interesting recent report by Verizon Business that describes the most common security problems of the past four years that caused considerable loss of information in enterprises.

The report shows that:

in 87% of cases, the problems could easily have been prevented through basic security measures,

in 66% of cases, companies did not know they were publishing sensitive information through their systems and websites,

in 39% of security breaches, the company's business partners (Partners) actively participated, an issue that has multiplied since 2004.

As you can see, so far I have only mentioned three of the most important points the document presents. Beyond that, these are failings that are often considered trivial and forgotten, yet they are the key for an attacker. Moreover,

73% of the weaknesses were due to external sources,

18% were caused by internal staff, what is known as the insider factor.

Given this information, we can demystify the belief that the greatest damage is caused by external attacks (73%), perhaps carried out by a guy on the other side of the world sitting at his PC and drinking beer. Contrary to what this remarkable percentage may suggest, the damage from these attacks has a minimal impact.

Not so when the attack originates from within the organization: although the percentage is lower (18%), this type of attack causes more damage to the company because in most cases it is committed by staff who hold sensitive inside information and know the business.

Now, after reading these points, the pivotal question on this subject is "could this have been avoided?" The answer is a resounding YES.

The same report states that 87% of the problems could have been prevented through basic security measures, i.e. through the implementation of reasonable safeguards designed precisely to prevent this significant 87% of problems.

Another important fact the document presents is that 22% of the attacks occurred through the exploitation of vulnerabilities, of which over 80% were known, i.e. they were not 0-day exploits and already had a corresponding security patch that addresses the weakness.

This point in particular brings to mind the great noise caused, for example, by the Conficker worm, which reached a high infection rate in just days by exploiting a vulnerability in Windows platforms fixed in security bulletin MS08-067, or by the recent vulnerability in Internet Explorer resolved in MS08-078, which many trojans are actively exploiting.

It is extremely important to know that some of the basic security measures we should take into account involve implementing and/or updating the company's Information Security Policy and monitoring compliance with the measures it outlines. Almost the entire solution to the security problems mentioned is centered on this.

Knowing what data we have, where it is stored and what value each item has according to the risk plan drawn up is also an issue to consider, since you cannot secure what you do not know about or cannot locate.

We should try to adopt the mindset of a strategist to secure the environment, or at least find a proper balance of security in it.

An interesting document that calls for reflection on the commonly described security problems that leave an organization's most valuable asset, its information, unprotected, often without the organization knowing that it is available "for all audiences".